| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34092 | Block UI elements in 'tools'-sidebar shows presence of an autoblocked IP | Wikimedia Foundation | MediaWiki | - | - | 2026-05-11 15:00:30 | Deep Dive |
| CVE-2026-34091 | User localization leaked by AbuseFilter + EventStream | Wikimedia Foundation | MediaWiki | - | - | 2026-05-11 14:55:33 | Deep Dive |
| CVE-2026-34090 | Suggested investigations: Handle suppressed usernames | Wikimedia Foundation | CheckUser | - | - | 2026-05-11 14:50:50 | Deep Dive |
| CVE-2026-34089 | Memory leak in Scribunto causes runJobs.php to run out of memory | Wikimedia Foundation | Scribunto | - | - | 2026-05-11 14:46:32 | Deep Dive |
| CVE-2026-34088 | RecentChanges entries expose suppressed content via generated log page html | Wikimedia Foundation | MediaWiki | - | - | 2026-05-11 14:43:45 | Deep Dive |
| CVE-2026-34087 | Users API leaks whether privileged users have their user groups disabled for lack of 2FA | Wikimedia Foundation | OATHAuth | - | - | 2026-05-11 14:40:13 | Deep Dive |
| CVE-2026-34086 | AbuseFilter misuses ::userCanBitfield, exposing access-controlled information | Wikimedia Foundation | AbuseFilter | - | - | 2026-05-11 14:35:15 | Deep Dive |
| CVE-2026-41018 | Apache Airflow Providers Elasticsearch: Elasticsearch task-log handler leaks credentials embedded in the host URL | Apache Software Foundation | Apache Airflow Providers Elasticsearch | - | - | 2026-05-11 08:21:48 | Deep Dive |
| CVE-2026-43826 | Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL | Apache Software Foundation | Apache Airflow Providers OpenSearch | - | - | 2026-05-11 08:21:09 | Deep Dive |
| CVE-2026-39816 | Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService | Apache Software Foundation | Apache NiFi | - | - | 2026-05-08 13:38:13 | Deep Dive |
| CVE-2026-25199 | Apache CloudStack: Proxmox Extension Allows Unauthorized Cross-Tenant Instance Access | Apache Software Foundation | Apache CloudStack | - | - | 2026-05-08 12:22:56 | Deep Dive |
| CVE-2026-25077 | Apache CloudStack: Unauthenticated Command Injection in Direct Download Templates | Apache Software Foundation | Apache CloudStack | - | - | 2026-05-08 12:21:27 | Deep Dive |
| CVE-2025-69233 | Apache CloudStack: Domain/account resources limits not honored | Apache Software Foundation | Apache CloudStack | Medium | 6.5 | 2026-05-08 12:19:31 | Deep Dive |
| CVE-2025-66467 | Apache CloudStack: MinIO policy remains intact on bucket deletion | Apache Software Foundation | Apache CloudStack | High | 8.0 | 2026-05-08 12:16:05 | Deep Dive |
| CVE-2025-66172 | Apache CloudStack: Any user can attach a volume in their VMs from backups they should not have access to | Apache Software Foundation | Apache CloudStack | - | - | 2026-05-08 12:13:18 | Deep Dive |
| CVE-2025-66171 | Apache CloudStack: Any user can create a new VM from backups they should not have access to | Apache Software Foundation | Apache CloudStack | - | - | 2026-05-08 12:11:04 | Deep Dive |
| CVE-2025-66170 | Apache CloudStack: Any user can list backups that they should not have access to | Apache Software Foundation | Apache CloudStack | - | - | 2026-05-08 12:06:32 | Deep Dive |
| CVE-2026-4430 | Heap Buffer Overflow in AgileEngine | The Document Foundation | LibreOffice | - | - | 2026-05-07 07:16:19 | Deep Dive |
| CVE-2026-6860 | Eclipse Vert.x security vulnerability | Eclipse Foundation | Eclipse Vert.x | - | - | 2026-05-06 09:55:13 | Deep Dive |
| CVE-2026-40010 | Apache Wicket: possible session fixation using AuthenticatedWebSession | Apache Software Foundation | Apache Wicket | - | - | 2026-05-06 08:34:30 | Deep Dive |